PDA

View Full Version : FBI warns that Android phones are havens for malware




towboattrash34
Oct 15, 2012, 03:05 PM
Now here is 1 reason Not to get an S3. I don't need 50.
Besides Android is just boring.

http://m.yahoo.com/w/legobpengine/news/fbi-warns-android-phones-havens-malware-181958059.html?orig_host_hdr=news.yahoo.com&.intl=US&.lang=en-US

A division of the Federal Bureau of Investigation has issued a warning to smartphone users about mobile malware and device safety, specifically regarding the Android operating system. A report published late last week the Internet Crime Complaint Center revealed that it has been made aware of various malware attacks, such as Loozfon and FinFisher, that target Android smartphones. Each malware is different and can range from stealing a user’s address book to completely taking over the infected device. The agency notes that Loozfon and FinFisher are just two examples of active malware that are used by criminals and users should take precautions to protecting their devices.

When purchasing a smartphones users should know the features of the device and use protective features such as device encryption and antivirus software to guard personal data. When downloading and purchasing apps, the FBI advises that users not only read reviews but also understand the permissions, such as Geo-location, they are granting the apps. Geo-location is used in applications to track a user’s location mostly for marketing purposes, but it can also be used for malicious purposes such as cyber stalker or burglaries.

The agency recommends that for physical security smartphone owners should consider locking their devices with a pass code and only connect to trusted Wi-Fi networks. Lastly, smartphones should always be kept up-to-date and users should avoid jailbreaking or rooting their devices to avoid greater security concerns.

All in all, users should be using the same precautions on their mobile phone as they do on their computers.



daveathall
Oct 15, 2012, 03:11 PM
Is a jailbroken iPhone as safe as a non jailbroken iPhone? I ask the question because I don't know the answer.

zbarvian
Oct 15, 2012, 03:13 PM
Open isn't all that. Google needs to start enforcing a review process, just like Apple. Then we'll get higher quality apps with far less malware. Nobody wants to worry about this garbage.

3bs
Oct 15, 2012, 03:33 PM
Apparently FinFisher, which is mentioned in that link you posted, can also take control of iPhones. http://www.bgr.com/2012/08/30/iphone-android-malware-finfisher/

Android is definitely not boring and if it is then iOS is more boring.

towboattrash34
Oct 15, 2012, 04:21 PM
Apparently FinFisher, which is mentioned in that link you posted, can also take control of iPhones. http://www.bgr.com/2012/08/30/iphone-android-malware-finfisher/

Android is definitely not boring and if it is then iOS is more boring.

I can do 100 x more with a jailbroke device than I can with a rooted android device. I had a 10" toshiba thrive tablet rooted,I gave away besides only a couple of themes there is not much to it. With a jailbroke iPad/iPhone there is 100's of tweaks,themes and other stuff u can do. Heck you can take a jailbroke iPod and walk in to a business and hack their servers and they would not know it was you.

And beside that how many diff OS does android have. There is no telling what OS you will have on what device. They need to get their crap together

xuselppa
Oct 15, 2012, 04:50 PM
In other news, scientists discover humans breathe air. :rolleyes:

MacRumorUser
Oct 15, 2012, 04:53 PM
Nevermind the piss fighting please folks. Yes you all have big dongs and no none of you are going to get laid waving them around & bickering about whether iOS or Android is boring :rolleyes::p



Google do need to do a little housekeeping and vetting on their App store. Yes its good they have the 15 minute return period, but often you realise too late that what you have bought is a turkey, especially if you buy on playstore and send to your device wirelessly, you might not test the application within that 15 minute period.

There is a lot of rouge software, regardless of malware or security risks. There is a lot of software on the Play store that simply is broken, and whilst App Store on iOS can suffer at times, there is nothing like the amount that is on the Google app store.

As a consumer, I actually would like them to vet the goods they sell in their store.


Let me give you an analogy..

If you went into a retail store in your home town and they had a lot of products with great descriptions, that you thought OK i'll buy that.

You went home only to find the box contained nothing but a steaming turd, that you got on your hands when you opened it...

You would expect to be able to 1) return it to the store, even if was after 15 minutes and get a refund, and 2) you would want to know why the store is stocking this crap in a box and not vetting the stock they sold to their customers.

Oohara
Oct 15, 2012, 05:33 PM
Nevermind the piss fighting please folks. Yes you all have big dongs and no none of you are going to get laid waving them around & bickering about whether iOS or Android is boring :rolleyes::p
This should be the page title for every single thread on this subforum. :D

einmusiker
Oct 15, 2012, 05:35 PM
yawn. enjoy your overpriced 5-year-old software

xuselppa
Oct 15, 2012, 05:39 PM
Open isn't all that. Google needs to start enforcing a review process, just like Apple. Then we'll get higher quality apps with far less malware. Nobody wants to worry about this garbage.

A review process by Google would be helpful, but not really needed for anyone with a touch of common sense. I mean a flashlight app that has permissions to access your contacts should be a red flag.

zbarvian
Oct 15, 2012, 05:41 PM
A review process by Google would be helpful, but not really needed for anyone with a touch of common sense. I mean a flashlight app that has permissions to access your contacts should be a red flag.

How about just not letting that crap into the Play Store in the first place? Anti-Virus apps shouldn't exist on a mobile phone, we should be moving past that nonsense. And common sense can only go so far.

smellysox8
Oct 15, 2012, 05:44 PM
i can do 100 x more with a jailbroke device than i can with a rooted android device

lol@troll

LIVEFRMNYC
Oct 15, 2012, 05:45 PM
I can do 100 x more with a jailbroke device than I can with a rooted android device.

That made me laugh. It's actually the other way around.

blackhand1001
Oct 15, 2012, 05:47 PM
I can do 100 x more with a jailbroke device than I can with a rooted android device. I had a 10" toshiba thrive tablet rooted,I gave away besides only a couple of themes there is not much to it. With a jailbroke iPad/iPhone there is 100's of tweaks,themes and other stuff u can do. Heck you can take a jailbroke iPod and walk in to a business and hack their servers and they would not know it was you.

And beside that how many diff OS does android have. There is no telling what OS you will have on what device. They need to get their crap together

Wow, you are really uninformed. If you think you can do more with jailbreak then you really don't know anything about the difference between open source software and closed source. You literally can change just about anything in android. In iOS your stuff with basic hacks and changing bitmaps. Theres loads of other things you can do like custom roms, kernels, mods and loads of other stuff. I could go on and on but you obivously have your mind set on iOS. Nothing I say is going to change your mind. I do IT work and have dealth with 100s maybe 1000's of phones. I have never actually come across one with an android virus. They just aren't common. No more common than iOS viruses which make it into the store as well.

Vetvito
Oct 15, 2012, 05:57 PM
FBI warns that Windows is a haven for malware. Sounds about right.

AdrianK
Oct 15, 2012, 06:01 PM
Heck you can take a jailbroke iPod and walk in to a business and hack their servers and they would not know it was you.
Source?

supervelous
Oct 15, 2012, 06:24 PM
I REALLY hope for humanity's sake, that anyone who involves themselves in flame-wars about ios vs Android is under the age of 20.


It's OK to say YOU prefer one over the other, but the way some of these posts and new threads are worded, it's clear some people are just trolling. I guess if you're a teen it's OK to be immature, reminds me of Xbox 360 vs PS3.

I probably engaged in some of it myself in the Genesis vs SNES days. Now that I'm an adult, I just buy what I like and don't worry about other people's opinions.

I own a PS3 and Xbox 360, and an S3 and Iphone 5. Although I may return either the S3 or Iphone 5, they're both GREAT phones, love them both for different reasons.

ChazUK
Oct 15, 2012, 08:00 PM
Managed to stay malware free since 2009 on Android.

No Warez. Always review permissions. Always source apps from reputable developers.

It's not been hard for me to keep safe sticking by those rules. For those who want to save 70 odd pennies or 99 cents to pirate the odd game and get infected, tough luck!

AzN1337c0d3r
Oct 15, 2012, 08:09 PM
Does anyone actually make a purchasing decision based on the amount of malware an operating system receives? Is that why still ~90% of the market for PCs still belong to Microsoft?

Anyways with some common sense, you can pretty much guarantee you will never get malware.

The choice between Android and iOS for me is mainly about freedom. I carry my phone everywhere, so I expect it to be the most flexible in terms of getting **** done™.

Based on that the IP5 was automatically disqualified when I was looking at using my upgrade.

My use-cases with a tablet, however did not require as much freedoms. I mainly use my tablet as a media-consumption device and Apple's implementation in these areas I felt were slightly superior to Android.

My other use-case for my tablet was use in emergencies as a tethering connection.

The iPad3 w/ Verizon made a happy compromise for me.

zbarvian
Oct 15, 2012, 08:27 PM
Does anyone actually make a purchasing decision based on the amount of malware an operating system receives? Is that why still ~90% of the market for PCs still belong to Microsoft?

Anyways with some common sense, you can pretty much guarantee you will never get malware.

The choice between Android and iOS for me is mainly about freedom. I carry my phone everywhere, so I expect it to be the most flexible in terms of getting **** done™.

Based on that the IP5 was automatically disqualified when I was looking at using my upgrade.

My use-cases with a tablet, however did not require as much freedoms. I mainly use my tablet as a media-consumption device and Apple's implementation in these areas I felt were slightly superior to Android.

My other use-case for my tablet was use in emergencies as a tethering connection.

The iPad3 w/ Verizon made a happy compromise for me.

There's no reason the Play Store should have any more malware than the App Store. And I'm pretty sure the 85% of the PC market is dominated by Microsoft is due to the relatively high prices of a Mac.

onthecouchagain
Oct 15, 2012, 08:35 PM
Does anyone actually make a purchasing decision based on the amount of malware an operating system receives? Is that why still ~90% of the market for PCs still belong to Microsoft?

Anyways with some common sense, you can pretty much guarantee you will never get malware.


I've said this before, certain iOS-devotees are really beginning to split hairs for reasons to hate on Android.

zbarvian
Oct 15, 2012, 08:36 PM
I've said this before, certain iOS-devotees are really beginning to split hairs for reasons to hate on Android.

And Android users are doing likewise to hate on iOS. The argument is two-sided.

onthecouchagain
Oct 15, 2012, 08:45 PM
The choice between Android and iOS for me is mainly about freedom. I carry my phone everywhere, so I expect it to be the most flexible in terms of getting **** done™.

Based on that the IP5 was automatically disqualified when I was looking at using my upgrade.

My use-cases with a tablet, however did not require as much freedoms. I mainly use my tablet as a media-consumption device and Apple's implementation in these areas I felt were slightly superior to Android.



I am in the same exact boat. I demand more from my smartphone which I carry everywhere and need to do more important things on. That's why I go Nexus.

However, for my tablet usage, it is more leisurely and fun. I go iPad 3. I'm not convinced Android can provide a good enough tablet experience (unless you're strictly looking for an ereader).

And the concept of "freedom" isn't only about customizing aesthetics -- a grand misconception. It's also about customizing the usability of the device so that it's catered specifically to one's needs. Which keyboard, which browser, which default Mail system, which lock screen should load up when you wake the device... all these things make the device uniquely yours.

It's a beautiful thing.

----------

And Android users are doing likewise to hate on iOS. The argument is two-sided.

I'm sure some are, but you're dreaming if you think the fanboys on both sides are equal. The level of blatant obfuscation and the scale of the misconceptions of Android's shortcomings, and the intellectual inconsistencies when it comes to viewing Apple versus the competition is so one-sided for many iOS-devotees that it's laughable.

And worse, it's detrimental to Apple.

You just don't see this sort of fervent behavior as much with Android lovers. Sure, they'll rise up to defend Android when there are blatant mistruths told about their platform, but they seem to talk more candidly, are more forthcoming, and realistic about Android's shortcomings (of which there are plenty). And you don't get this sort of trivial nitpicking you do with iOS-devotees. About how the App Store has more than the Play Store. Or how terrible ads are when they ignore there are paid-options. Or how millisecond-differences in responsiveness is a deal-breaker.

Really, how many times have the words "it just works" been uttered on these very boards (never mind in public by the masses)? Any genuine Apple fan interested in seeing Apple improve should be embarrassed by that phrase.

Hey, if Iphone is better for you, groovy, mate, but you're really splitting hairs when you try to point out why Android is so unacceptable.

zbarvian
Oct 15, 2012, 09:11 PM
I am in the same exact boat. I demand more from my smartphone which I carry everywhere and need to do more important things on. That's why I go Nexus.

However, for my tablet usage, it is more leisurely and fun. I go iPad 3. I'm not convinced Android can provide a good enough tablet experience (unless you're strictly looking for an ereader).

And the concept of "freedom" isn't only about customizing aesthetics -- a grand misconception. It's also about customizing the usability of the device so that it's catered specifically to one's needs. Which keyboard, which browser, which default Mail system, which lock screen should load up when you wake the device... all these things make the device uniquely yours.

It's a beautiful thing.

----------



I'm sure some are, but you're dreaming if you think the fanboys on both sides are equal. The level of blatant obfuscation and the scale of the misconceptions of Android's shortcomings, and the intellectual inconsistencies when it comes to viewing Apple versus the competition is so one-sided for many iOS-devotees that it's laughable.

And worse, it's detrimental to Apple.

You just don't see this sort of fervent behavior as much with Android lovers. Sure, they'll rise up to defend Android when there are blatant mistruths told about their platform, but they seem to talk more candidly, are more forthcoming, and realistic about Android's shortcomings (of which there are plenty). And you don't get this sort of trivial nitpicking you do with iOS-devotees. About how the App Store has more than the Play Store. Or how terrible ads are when they ignore there are paid-options. Or how millisecond-differences in responsiveness is a deal-breaker.

Really, how many times have the words "it just works" been uttered on these very boards (never mind in public by the masses)? Any genuine Apple fan interested in seeing Apple improve should be embarrassed by that phrase.

Hey, if Iphone is better for you, groovy, mate, but you're really splitting hairs when you try to point out why Android is so unacceptable.

There's no intellectual disparity. Look at any YouTube video that favors the iPhone over an Android device and you'll see it having an overwhelming amount of dislikes, and the comments are like "u suk Android the best". The Android enthusiast argument that iOS is a toy and that we live in the same grid of icons is just as worthless as the cheap iOS arguments.

cynics
Oct 16, 2012, 08:24 AM
Can someone please post a link to an app in google play that has malware/virus? It's such a huge problem it should be very easy.

paulsalter
Oct 16, 2012, 08:35 AM
All in all, users should be using the same precautions on their mobile phone as they do on their computers.

Exactly, use a bit of common sense when installing apps

If I download dodgy apps from a torrent site or some other unknown source (for any platform) it's risky

If google are allowing software like this, I would like to see a play store link for it, or the name of the app

thewitt
Oct 16, 2012, 09:05 AM
Apparently FinFisher, which is mentioned in that link you posted, can also take control of iPhones. http://www.bgr.com/2012/08/30/iphone-android-malware-finfisher/

Android is definitely not boring and if it is then iOS is more boring.

Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

paulsalter
Oct 16, 2012, 09:14 AM
Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

Applications cannot be installed on stock Android by visiting a website as default

you have to specifically go in and enable the option to install from outside google play, then you can install from anywhere

VulchR
Oct 16, 2012, 12:26 PM
Managed to stay malware free since 2009 on Android....

So you think, so you think. :p

munkery
Oct 16, 2012, 01:46 PM
Can someone please post a link to an app in google play that has malware/virus? It's such a huge problem it should be very easy.

If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-security/17227/android-malware-infiltrates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

blackhand1001
Oct 16, 2012, 02:34 PM
If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-security/17227/android-malware-infiltrates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

There have been similar malware in the app store over time as well.

zbarvian
Oct 16, 2012, 02:53 PM
There have been similar malware in the app store over time as well.

Like one.

SlCKB0Y
Oct 16, 2012, 06:43 PM
I can do 100 x more with a jailbroke device than I can with a rooted android device. I had a 10" toshiba thrive tablet rooted,I gave away besides only a couple of themes there is not much to it. With a jailbroke iPad/iPhone there is 100's of tweaks,themes and other stuff u can do. Heck you can take a jailbroke iPod and walk in to a business and hack their servers and they would not know it was you.

And beside that how many diff OS does android have. There is no telling what OS you will have on what device. They need to get their crap together

I honestly can't tell if this post is meant to be serious or not...

iAi
Oct 16, 2012, 06:58 PM
iPhone is not boring.

You can jailbreak or not jailbreak and have fantastic user experience etc regardless. And the very best apps (without worrying about malwares and such).

Oh, one more thing ...

munkery
Oct 16, 2012, 08:27 PM
There have been similar malware in the app store over time as well.

None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

faroZ06
Oct 16, 2012, 08:40 PM
Is a jailbroken iPhone as safe as a non jailbroken iPhone? I ask the question because I don't know the answer.

Yes, but you could install apps that aren't safe. Same goes with Android vs un-jailbroken iOS. Most of the FBI warning applies to both un-jailbroken iOS and Android, leaving out the malware part.

----------


Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.
I wouldn't consider iOS itself safer than Android, but the walled garden App Store makes it safe. Remember that the root password on all iOS devices is, by default, either "alpine" or "dottie". The system of jailbreaking your iOS device if you know how to is good, and a jailbroken iOS device can typically do more than an Android device. Cydia is loaded.

----------

Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

iOS 4 did have that vulnerability. You could jailbreak your iOS device by visiting a website!!! :eek: Good thing this was used for good and never for evil.

----------

Can someone please post a link to an app in google play that has malware/virus? It's such a huge problem it should be very easy.

This is more about the possibility of malware, and I'm confident that all known malware has been removed by now. I know this isn't malware, but it shows the freedom that Android gives its apps, which is not a good sign: https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en

xuselppa
Oct 16, 2012, 08:46 PM
None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

Remember that smurf game that allowed kids to make real money transactions without parental approval? Or how about the thousands of people that have had their credit card and personal info stolen via the app store, because Apple security has been a joke. I had my info stolen and a bunch of Chinese crap apps purchased. After that, I never gave Apple my credit card and only used gift cards.
I have yet to have an issue with Google and now that they have Play Store gift cards, I use those.

Do not for one second believe Apple iOS or OSX is more secure than any other system. people used to believe the Mac was safe from viruses, until they realized they weren't. I use Avast on my Mac's and my S3. But I also consider the S3 more like a mini PC, whereas I view the iPhone more like a phone.

kdarling
Oct 16, 2012, 10:54 PM
Article on ZDNet talks about the FBI news release:

Android malware, FUD, and the FBI - Summary: A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users. (http://www.zdnet.com/android-malware-fud-and-the-fbi-7000005874/)

Excerpt:

Loozlon is a Trojan horse that Symantec reports as having less than 50 reported instances. FinFisher is a much more serious spyware program.

FinFisher has been around for years on Macs and Windows PCs as "legal" spyware from Gamma International, a UK security company. Recently it's been ported to all the major mobile devices, including Android, Blackberry, and, yes, the iPhone. It is in no way, shape, or form purely an Android problem.

In any case, both programs aren't classic computer viruses. They require users to go above and beyond the call of stupidity to catch them.

With both, you typically need to open a suspicious looking email, then follow a link, and then agree, in Android's case, to download the unknown Android application package (APK). After that, you have to tell your smartphone or tablet to install it even though it's not in Google's Play Store, ignore the malware warning, and then you finally get to infect your device.

In short, these malicious programs don't really infect devices. Maliciously stupid users do. Or, in the case of FinFisher, it might be your employer or your government.

munkery
Oct 16, 2012, 11:07 PM
Remember that smurf game that allowed kids to make real money transactions without parental approval?

Not malware.

The issue was parents not properly configuring settings.

Or how about the thousands of people that have had their credit card and personal info stolen via the app store, because Apple security has been a joke.

Link to credible source stating users credit card info stolen via App Store?

Do not for one second believe Apple iOS or OSX is more secure than any other system.

Android has a higher incidence rate of malware and infections than OS X despite OS X being a desktop OS which is supposedly more liable to attack.

This is because many Android devices are not fully patched and contain known vulnerabilities such as privilege escalation vulnerabilities that allow installation of malware the bypasses user space security mitigations.

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

munkery
Oct 16, 2012, 11:21 PM
Article on ZDNet talks about the FBI news release:

Android malware, FUD, and the FBI - Summary: A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users. (http://www.zdnet.com/android-malware-fud-and-the-fbi-7000005874/)

Excerpt:

The critique in that article doesn't apply to all Android malware.

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891

xuselppa
Oct 16, 2012, 11:57 PM
Not malware.

The issue was parents not properly configuring settings.



Link to credible source stating users credit card info stolen via App Store?



Android has a higher incidence rate of malware and infections than OS X despite OS X being a desktop OS which is supposedly more liable to attack.

This is because many Android devices are not fully patched and contain known vulnerabilities such as privilege escalation vulnerabilities that allow installation of malware the bypasses user space security mitigations.

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

I don't need to provide a link to Apple giving out people's info after a hacker answers a simple question and then gains full access to your account. It has been in the news and it personally happened to me. Like I said, after that I never gave Apple my credit card info and only redeemed iTunes cards. I do the exact same thing with Google Play Store cards.

And Android does have a higher rate of malware incidents over osx, for one simple reason. There aren't half a billion Mac's in the consumer space with 1.5 million purchased and activated daily, like Android based phones. Nor does Google limit who can use their OS on hardware, unlike Apple.

But we can also make the argument that all those 2nd and 3rd Gen ipods, ipad 1's and 3gs iPhones that can't run iOS 6 are still susceptible to Comex's jailbreak. So what is that? About 50 million iDevices still vulnerable to malware exploits.

It is ridiculous to argue that Apple is this perfect place where no bad will ever come to you. It's also insane not to protect your data, whether you think you need it or not. What is irnoic is that malware tends to be an indicator of the popularity of a platform. Outside the US, the iPhone just doesn't match the hype in the US. So why bother going after a tiny platform, when the masses use Android.

munkery
Oct 17, 2012, 01:01 AM
I don't need to provide a link to Apple giving out people's info after a hacker answers a simple question and then gains full access to your account. It has been in the news and it personally happened to me. Like I said, after that I never gave Apple my credit card info and only redeemed iTunes cards. I do the exact same thing with Google Play Store cards.

That individual was a victim of a targeted attack. Much of his personal information was easily accessible on the web which facilitated the attack.

What motivation did hackers have to do the same to you?

There have been no widespread reports of this occurring to other individuals on a large scale.

That hacking didn't start with Apple.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter.

The initial problem occurred with Amazon then that compromised information was used to compromise the Apple account.

Those security lapses are my fault, and I deeply, deeply regret them.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

And Android does have a higher rate of malware incidents over osx, for one simple reason. There aren't half a billion Mac's in the consumer space with 1.5 million purchased and activated daily, like Android based phones. Nor does Google limit who can use their OS on hardware, unlike Apple.

Mac OS X overall market share = 6.30%

iOS overall market share = 5.67%

Android overall market share = 2.00%

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

But we can also make the argument that all those 2nd and 3rd Gen ipods, ipad 1's and 3gs iPhones that can't run iOS 6 are still susceptible to Comex's jailbreak. So what is that? About 50 million iDevices still vulnerable to malware exploits.

iPhone 2G and iPod 1st gen running 3.1.3 are affected.

iPhone 3G, iPod 2nd gen, and iPod 3rd gen running 4.2.1 are not affected.

iPad 1st gen running 5.1.1 is not affected.

All other iOS devices run iOS 6.

So, only a very small percentage are affected by those known vulnerabilities. I suspect that many of those devices are no longer in use.

Also, users can't install software from anywhere. Leveraging that exploit via the browser requires more skill than that of the typical malware developer. And, it is not likely any one will bother doing so given how much easier it is to target Android.

It is ridiculous to argue that Apple is this perfect place where no bad will ever come to you. It's also insane not to protect your data, whether you think you need it or not. What is irnoic is that malware tends to be an indicator of the popularity of a platform. Outside the US, the iPhone just doesn't match the hype in the US. So why bother going after a tiny platform, when the masses use Android.

Market share data shows that far more iOS devices are in use. See link found earlier in this post.

I didn't say that is was perfect. Just better than the alternatives.

daveathall
Oct 17, 2012, 01:53 AM
Yes, but you could install apps that aren't safe. Same goes with Android vs un-jailbroken iOS. Most of the FBI warning applies to both un-jailbroken iOS and Android, leaving out the malware part.[COLOR="#808080"]


Thank you.:)

xuselppa
Oct 17, 2012, 11:59 AM
That individual was a victim of a targeted attack. Much of his personal information was easily accessible on the web which facilitated the attack.

What motivation did hackers have to do the same to you?

There have been no widespread reports of this occurring to other individuals on a large scale.

That hacking didn't start with Apple.
My point wasn't about where the hacking started, but rather the lax Apple security. And I wasn't specifically targeted, my credit card info, which was on file with Apple (thank you iTunes for requiring my personal credit info just to get an account) was stolen, along with thousands of others over the past few years. And yes, it was a serious problem, just not an acknowledged one. Kind of like Jobs pretending there was no antenna issues with the ip4. All I am saying is that Apple does not have some secret force field to prevent malware or hackers from entering their systems and taking info. It does happen, as Apple has made quite a few mistakes allowing certain apps to enter the app store that should have been caught.



Mac OS X overall market share = 6.30%
iOS overall market share = 5.67%
Android overall market share = 2.00%
http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=


LOL. Nice find. Unfortunately, this link isn't based on sales or actual products, but instead on stock browser aggregate hits to sites associated with Netmarketshare. This is great for iOS devices because most use Safari for browsing. Android users tend to use many different browsers and a lot of users surf anonymously.
But if you want to believe what these guys say, then you will be happy to know that the iPad marketshare is 37% and iPhone is only 25%. Makes perfect sense right? LOL

Here are IDC stats based on real sales data:

Global Smartphone shipments reported August 8th.
http://www.email-marketing-reports.com/images/osidc.png

And July data of smartphone sales globally by manufacturer:
http://www.email-marketing-reports.com/images/smartidc.png


iPhone 2G and iPod 1st gen running 3.1.3 are affected.

iPhone 3G, iPod 2nd gen, and iPod 3rd gen running 4.2.1 are not affected.

iPad 1st gen running 5.1.1 is not affected.

All other iOS devices run iOS 6.

So, only a very small percentage are affected by those known vulnerabilities. I suspect that many of those devices are no longer in use.
Incorrect. All devices prior to the install of iOS6 are vulnerable to comex's root exploit.Apple just now shut that one down. But as I recall Musclenerd, i0n1c and the rest had 7 or 8 other exploits from 5.1.1 that Apple didn't know about. And isn't it funny that it took Apple hiring Comex in order for them to close his exploit?

As for Android, so many of those rogue programs go back to the days of Eclair and Froyo so I suspect that many of those devices are no longer in use. :-P


Also, users can't install software from anywhere. Leveraging that exploit via the browser requires more skill than that of the typical malware developer. And, it is not likely any one will bother doing so given how much easier it is to target Android.
Source for your claim? Did you use Absynthe jailbreak for ios5?

And hackers go after Android because it is the most used and popular mobile OS, not because it is easier. Same with Windows vs OSX or Ubuntu or Linux...

munkery
Oct 17, 2012, 03:21 PM
My point wasn't about where the hacking started, but rather the lax Apple security. And I wasn't specifically targeted, my credit card info, which was on file with Apple (thank you iTunes for requiring my personal credit info just to get an account) was stolen, along with thousands of others over the past few years. And yes, it was a serious problem, just not an acknowledged one. Kind of like Jobs pretending there was no antenna issues with the ip4. All I am saying is that Apple does not have some secret force field to prevent malware or hackers from entering their systems and taking info. It does happen, as Apple has made quite a few mistakes allowing certain apps to enter the app store that should have been caught.

This type of hacking occurs when the user doesn't properly secure their own accounts.

Weak passwords, password reuse, falling for phishing scam and etc.

LOL. Nice find. Unfortunately, this link isn't based on sales or actual products, but instead on stock browser aggregate hits to sites associated with Netmarketshare. This is great for iOS devices because most use Safari for browsing. Android users tend to use many different browsers and a lot of users surf anonymously.
But if you want to believe what these guys say, then you will be happy to know that the iPad marketshare is 37% and iPhone is only 25%. Makes perfect sense right? LOL

The user agent info collected shows the OS in use as well as the browser so the browser used doesn't impact the OS info.

Private browsing doesn't impact the collection of this info; it only prevents the browser from saving data from a browsing session.

That Netmarketshare data is relevant.

Incorrect. All devices prior to the install of iOS6 are vulnerable to comex's root exploit.Apple just now shut that one down. But as I recall Musclenerd, i0n1c and the rest had 7 or 8 other exploits from 5.1.1 that Apple didn't know about. And isn't it funny that it took Apple hiring Comex in order for them to close his exploit?

The Jailbreakme exploits could be leveraged via the browser and used in malware.

The other jailbreaks, including the untethered jailbreaks, start with a string of exploits that begin with a bootrom exploit. Bootrom exploits can't be leveraged directly from the browser so jailbreaks other than Jailbreakme are not applicable in malware.

As for Android, so many of those rogue programs go back to the days of Eclair and Froyo so I suspect that many of those devices are no longer in use. :-P

Read the following article:

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

Source for your claim? Did you use Absynthe jailbreak for ios5?

Absinthe jailbreak starts with a bootrom exploit. See above for more info. I don't jailbreak.

And hackers go after Android because it is the most used and popular mobile OS, not because it is easier.

iOS has the larger market share.

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

Android is an easier target.

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891

Here are IDC stats based on real sales data:

That represents only smartphone shipments/sales for one quarter.

It doesn't include tablet sales which are included in the same OS market share.

The following from the same link you provided represents the smartphone only market share but factor in the iPad and you get the numbers I provided.

xuselppa
Oct 17, 2012, 04:37 PM
This type of hacking occurs when the user doesn't properly secure their own accounts.

Weak passwords, password reuse, falling for phishing scam and etc.



The user agent info collected shows the OS in use as well as the browser so the browser used doesn't impact the OS info.

Private browsing doesn't impact the collection of this info; it only prevents the browser from saving data from a browsing session.

That Netmarketshare data is relevant.



The Jailbreakme exploits could be leveraged via the browser and used in malware.

The other jailbreaks, including the untethered jailbreaks, start with a string of exploits that begin with a bootrom exploit. Bootrom exploits can't be leveraged directly from the browser so jailbreaks other than Jailbreakme are not applicable in malware.



Read the following article:

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/



Absinthe jailbreak starts with a bootrom exploit. See above for more info. I don't jailbreak.



iOS has the larger market share.

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

Android is an easier target.

https://blog.duosecurity.com/2012/09/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891



That represents only smartphone shipments/sales for one quarter.

It doesn't include tablet sales which are included in the same OS market share.

The following from the same link you provided represents the smartphone only market share but factor in the iPad and you get the numbers I provided.
Good God my man. You are completely and utterly out in left field. You are countering your own stats and points. Do you realize this?

NETMARKETSHARE is an aggregate data collection point reading stock browsers based on OS version. They are unable to determine if I am using an S2 on ICS, S3 on ICS, or a HP Touchpad running ICS and using Maxthon, Opera, Opera mini, and so on browsers. Additionally, they can only extract data from a few websites out of the whole internet. Do you understand the difference between actual sales of devices reported by independent sources (like the IDC ) and manufacturers vs some website collecting browser stats? And even that website contradicts the most basic known facts. i. e. They state that the iPad has more marketshare than the iPhone! If you believe that, I have a bridge to sell you in Brooklyn.

And here is a fact for you: Samsung, all by itself, sold more Smartphones last quarter than Apple sold iPads and iPhones COMBINED. I won't even get in to how far off you are on your idea that Android makes up less marketshare than iOS.

And now read your first couple of responses above and now here is one of you previous posts from this thread. You are contradicting yourself.


None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

Quite frankly this is an exercise in futility for me. You can't understand the stats, so I can not have an intelligent debate with you. For this reason, I shall not respond further to this thread.

cynics
Oct 17, 2012, 04:52 PM
If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-security/17227/android-malware-infiltrates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

Sorry, I'm confused.....there is so much malware/virus in the play store but you are showing links of something that happened?

What I'm saying is I can find a virus for PC currently on the internet. I was just looking for malware/virus currently in the play store. I keep hearing its a huge problem.

munkery
Oct 17, 2012, 06:31 PM
Good God my man. You are completely and utterly out in left field. You are countering your own stats and points. Do you realize this?...

The amount sold last quarter doesn't represent the total amount sold since the initial release of devices that run each mobile OS.

iOS was released more than a year before Android and sales of Android devices took longer to initially ramp up, especially for sales of Android tablets.

More iOS devices have been sold since the initial release of iOS devices than Android devices have been sold since the initial release of Android. This number may be very close now.

If you look at mobile device sales for quarters in which new iOS devices are released, iOS obviously has a higher rate of shipments and sales than in quarters when no new devices are released.

Android devices are steadily narrowing the gap of the head start afforded to iOS devices due to higher sales rates more recently but recent sales statistics doesn't represent total market share.

The hardware manufacturer doesn't matter because it is the OS that is targeted by malware. Also, mobile device manufacturers, such as Samsung, don't only produce Android devices.

370200

Sorry, I'm confused.....there is so much malware/virus in the play store but you are showing links of something that happened?

What I'm saying is I can find a virus for PC currently on the internet. I was just looking for malware/virus currently in the play store. I keep hearing its a huge problem.

If I was aware of malware in Google Play, then most likely Google would be aware of it and it would be pulled from Google Play.

Obviously, I can only post links to incidences of malware being in Google Play.

__________

Ok, here are some better stats. It shows Android with a slight lead but it also shows the trend of how Android market share has only rumped up recently.

These market share numbers don't justify the enormous difference in the amount of malware affecting iOS vs Android given the market share trends.

The difference is due to Android being a much easier target.

370217